Results 1 - 10
of
26
Semantic-Based Development of Service-Oriented Systems
- In Proc. of FORTE’06, volume 4229 of LNCS
, 2006
"... Abstract. Service-oriented computing is an emerging paradigm where services are understood as autonomous, platform-independent computational entities that can be described, published, categorised, discovered, and dynamically assembled for developing massively distributed, interoperable, evolvable sy ..."
Abstract
-
Cited by 24 (7 self)
- Add to MetaCart
(Show Context)
Abstract. Service-oriented computing is an emerging paradigm where services are understood as autonomous, platform-independent computational entities that can be described, published, categorised, discovered, and dynamically assembled for developing massively distributed, interoperable, evolvable systems and applications. The IST-FET Integrated Project SENSORIA aims at developing a novel comprehensive approach to the engineering of service-oriented software systems where foundational theories, techniques and methods are fully integrated in a pragmatic software engineering approach. In this paper we present first ideas for the SENSORIA semantic-based development of service-oriented systems. This includes service-oriented extensions to the UML, a mathematical basis formed by a family of process calculi, a language for expressing context-dependent soft constraints and preferences, qualitative and quantitative analysis methods, and model transformations from UML to process calculi. The results are illustrated by a case study in the area of automotive systems. 1
An Ontology for Secure Socio-Technical Systems
- in Handbook of Ontologies for Business Interaction, P. Ritggen, Ed.: IDEA Group
, 2007
"... Security is often compromised by exploiting vulnerabilities in the interface between the organization and the information systems that support it. This reveals the necessity of modeling and analyzing information systems together with the organizational setting where they will operate. In this chapte ..."
Abstract
-
Cited by 15 (7 self)
- Add to MetaCart
(Show Context)
Security is often compromised by exploiting vulnerabilities in the interface between the organization and the information systems that support it. This reveals the necessity of modeling and analyzing information systems together with the organizational setting where they will operate. In this chapter we address this problem by presenting a modeling language tailored to analyze the problem of security at an organizational level. This language proposes a set of concepts founded on the notions of permission, delegation, and trust. The chapter also presents a semantics for these concepts, based on Datalog. A case study from the bank domain is employed to illustrate the proposed language.
Towards the development of privacy-aware systems
- Inform. Softw
, 2008
"... Privacy and data protection are pivotal issues in the nowadays society. They con-cern the right to prevent dissemination of sensitive or confidential information of individuals. Many studies have been proposed on this topic from various perspec-tives, namely sociological, economic, legal, and techno ..."
Abstract
-
Cited by 15 (2 self)
- Add to MetaCart
(Show Context)
Privacy and data protection are pivotal issues in the nowadays society. They con-cern the right to prevent dissemination of sensitive or confidential information of individuals. Many studies have been proposed on this topic from various perspec-tives, namely sociological, economic, legal, and technological. We have recognized the legal perspective as being the basis of all other perspectives. Actually, data protection regulations set the legal principles and requirements that must be met by organizations when processing personal data. The objective of this work is to provide a reference base for the development of methodologies tailored to design privacy-aware systems to be compliant with data protection regulations.
Design of a Modelling Language for Information System Security Risk Management
, 2006
"... Abstract—Nowadays, security has become one of the most demanded characteristics of information systems. However, the ways to address information systems security still lack consensus and integration. On the one hand, researchers have extended various modelling languages and methods with security-ori ..."
Abstract
-
Cited by 11 (3 self)
- Add to MetaCart
(Show Context)
Abstract—Nowadays, security has become one of the most demanded characteristics of information systems. However, the ways to address information systems security still lack consensus and integration. On the one hand, researchers have extended various modelling languages and methods with security-oriented constructs in order to take security concerns into account throughout the development lifecycle. On the other hand, practitioners have developed risk management methods to help estimate the relative importance of security risks and the costeffectiveness of solutions to tackle them. They are mainly driven by security standards that help practitioners assess and improve the security level of their organisations. Obviously, those two families of approaches should be unified so as to maximise the return on investment of implementing security requirements, and thereby align business and information technology concerns related to security. This is the challenge that our research aims to address. This paper presents a research agenda and describes the first steps that were undertaken to achieve it: an alignment of the terminology in the risk management literature and the elaboration of a conceptual model of the risk management domain. Those results will then be inputs for the next phases, which aim to integrate security and risk management concepts in information system development methods.
Computer-aided support for Secure Tropos
- AUTOMATED SOFTWARE ENGINEERING
, 2007
"... In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an impleme ..."
Abstract
-
Cited by 10 (5 self)
- Add to MetaCart
In earlier work, we have introduced Secure Tropos, a requirements engineering methodology that extends the Tropos methodology and is intended for the design and analysis of security requirements. This paper briefly recaps the concepts proposed for capturing security aspects, and presents an implemented graphical CASE tool that supports the Secure Tropos methodology. Specifically, the tool supports the creation of Secure Tropos models, their translation to formal specifications, as well as the analysis of these specifications to ensure that they comply with specific security properties. Apart from presenting the tool, the paper also presents a two-tier evaluation consisting of two case studies and an experimental evaluation of the tool’s scalability.
N.: B-Tropos: Agent-Oriented Requirements Engineering Meets Computational Logic for Declarative Business Brocess Modeling and Verification
- In: Proc. of CLIMA VIII
, 2007
"... Abstract. The work presented in this paper stands at the intersection of three diverse research areas: agent-oriented early requirements engi-neering, business process requirements elicitation and specification, and computational logic-based specification and verification. The analysis of business r ..."
Abstract
-
Cited by 8 (6 self)
- Add to MetaCart
(Show Context)
Abstract. The work presented in this paper stands at the intersection of three diverse research areas: agent-oriented early requirements engi-neering, business process requirements elicitation and specification, and computational logic-based specification and verification. The analysis of business requirements and the specification of business processes are fun-damental steps in the development of information systems. The first part of this paper presents B-Tropos as a way to combine business goals and requirements with the business process model. B-Tropos enhances a well-known agent-oriented early requirements engineering framework with declarative business process-oriented constructs, inspired by the DecSerFlow and ConDec languages. In the second part of the paper, we show a mapping of B-Tropos onto SCIFF, a computational logic-based framework for properties and conformance verification. 1
Engineering of softwareintensive systems: State of the art and research challenges
- in SoftwareIntensive Systems and New Computing Paradigms, ser. Lecture Notes in Computer Science
"... ..."
(Show Context)
Dealing with security requirements for socio-technical systems: A holistic approach
, 2014
"... Abstract. Security has been a growing concern for most large organiza-tions, especially financial and government institutions, as security breaches in the socio-technical systems they depend on are costing billions. A major reason for these breaches is that socio-technical systems are designed in a ..."
Abstract
-
Cited by 6 (5 self)
- Add to MetaCart
(Show Context)
Abstract. Security has been a growing concern for most large organiza-tions, especially financial and government institutions, as security breaches in the socio-technical systems they depend on are costing billions. A major reason for these breaches is that socio-technical systems are designed in a piecemeal rather than a holistic fashion that leaves parts of a system vulnerable. To tackle this problem, we propose a three-layer security anal-ysis framework for socio-technical systems involving business processes, applications and physical infrastructure. In our proposal, global security requirements lead to local security requirements that cut across layers and upper-layer security analysis influences analysis at lower layers. More-over, we propose a set of analytical methods and a systematic process that together drive security requirements analysis throughout the three-layer framework. Our proposal supports analysts who are not security experts by defining transformation rules that guide the corresponding analysis. We use a smart grid example to illustrate our approach.
How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach
"... Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with this issue. For instance, purpose-based access control is ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
(Show Context)
Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with this issue. For instance, purpose-based access control is normally considered a good solution for meeting the requirements of privacy legislation. Yet, understanding why, how, and when such solutions to security and privacy problems have to be deployed is often unanswered. In this paper, we look at the problem from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should be able to start from the organizational model and derive from there the points where security and privacy problems may arise and determine which solutions best fit the (legal) problems that they face. In particular, we investigate the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure.
State of the art for the engineering of softwareintensive systems. InterLink Deliverable Number D3.1, 2007. Availabe online at: http://interlink.ics.forth.gr/central.aspx?sId=84I238I744I323I344283
"... A growing range of products and services from all sectors of economic activity, our national infrastructure, our daily lives, they all depend on software-intensive systems. The growing productivity and the resulting increase in prosperity can to a large degree be attributed to developments in ICT [D ..."
Abstract
-
Cited by 3 (1 self)
- Add to MetaCart
(Show Context)
A growing range of products and services from all sectors of economic activity, our national infrastructure, our daily lives, they all depend on software-intensive systems. The growing productivity and the resulting increase in prosperity can to a large degree be attributed to developments in ICT [DGK03].
